Swing It Doc1 Swing Migration 2008 Rev1.06
-
Upload
muie11219569 -
Category
Documents
-
view
81 -
download
1
description
Transcript of Swing It Doc1 Swing Migration 2008 Rev1.06
-
Swing It!! Kits Reference Documentation
Swing It!! Swing Migration: Reference Part 1 How to Perform a Swing Migration 2003 to SBS 2008 Domains Author: Jeff Middleton You may purchase this document in a Swing It!! Kit from SBSmigration.com The Swing It!! Kits Reference Documentation is not free, therefore under no circumstance are you authorized to redistribute or forward to another party your own copy or a duplicated copy of this document, or the associated documents within the kit, or any programming tools which may also be included in the Kit. Please review the related guidelines on the pages that follow. 1.06 - 4.20.2009 Copyright 2004-2009 by Jeff Middleton, SBSmigration.com All rights reserved
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 2
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
For more information on the Swing It!! Reference Kit, Swing It!! Technician Kit, plus a full range of Swing It!! related products and services, please visit to SBSmigration.com, or send an email requesting information as indicated below.
Swing It!! Kit information is available online or by request. To Contact us:
[email protected] Include the subject line: You Can Swing That! Info Request
Acknowledgments SBSmigration.com is grateful for the cooperation and opportunity to participate in discussions and access with the product teams for Microsoft Small Business Server development, support and community. The inspiration and technical suggestions offered from individual MVPs among the SBS-MVP and the SMB Family are too numerous to cite individually, but worth each and every moment to improve the accuracy and quality of the results. Our customers represent the best of the best IT Professionals worldwide with the enthusiasm, patience and persistence to make the best of what we offer the best of what they deliver, and to keep the target for quality and accuracy constantly improving through feedback and validation. About the Author Jeff Middleton is well recognized worldwide in Microsoft Small Business Server (SBS) community, known as a speaker, author, advisor, and technical community leader. Microsoft has awarded him each year since 1999 with the prestigious Small Business Server Most Valuable Professional recognition. Based upon 20 years of experience as a consultant and system integrator in small business and vertical market applications, hes operated his own business located in New Orleans since 1990. Jeffs name is now synonymous with Swing Migration, the worldwide SMB consultants choice of methodology for SBS Server replacement. He founded SBSmigration.com in 2004 providing a technical mentor and training product as a project consultant to consultants. His work is both published and cited in books and trade journals. As an expert in disaster recovery, domain migration, and a full-range of topics on the SBS and Windows platforms, Jeff travels constantly as a popular speaker. He has presented at conferences internationally including the Microsoft Partner Program, Tech Ed, SMBTN, ITA and SMB Nation, as well as lending his support in person as a guest speaker to over 50 local IT Pro groups of all sizes in North America, Australia and Europe. Starting in 2007, he launched the SBSmigration.com IT Pro Conference held annually during May in New Orleans offering a unique discussion forum for experts in SMB business and technology.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 3
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Swing It!! Kit Documentation Allowed Use Guidelines This document is not free, and is part of a Swing It!! Kit purchase. Swing It!! Kits are a continuing partnership benefit to us, to our customers, and extended to their customers. Swing It!! Kits build technical skill, improve business practices, and that builds perpetual value for the all of us. SBSmigration.com has every intention to honor our agreements with you when you purchase a Swing It!! Kit, and we are optimistic that you will protect your investment from your loss, or ours. As the owner of a Swing It!! Kit, you received this reference, and may also have received tools with it, all under a license agreement which includes both copyright as well as authorized use restrictions which are enforceable.
You are permitted to use the documentation and tools provided with a Swing It!! Kit exclusively for the purpose of performing work related to what it describes, or preparing yourself in a manner of training or education on that purpose.
We consider it fair that someone you know personally might be given the opportunity to casually
review your materials or tools in the context of deciding if they would value having a Swing It!! Kit of their own. We also consider it fair to present the appropriate portion of your documentation to a customer or prospect for whom related work is involved, where adequate disclosure of the method involved is requested. However, please treat the shared access to our documentation and tools as a training material for which the right to use it in that manner is yours, and yours alone. We would consider a reasonable review as not effectively consuming the value gained in owning it without properly obtaining another technician license.
You may not use this reference to teach others in an educational, instructional, or presentation
manner. You should contact SBSmigration.com for information on how to obtain materials properly licensed for that purpose.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 4
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Distribution and Duplication Guidelines This document is not free, and is part of a Swing It!! Kit purchase. You can obtain a Swing It!! Kit with complete documentation, tools and associated services by contacting us at SBSmigration.com. This document is only available as part of a Swing It!! Kit purchase. The owner of a Swing It!! Kit receives this reference, and may also receive tools with it, via license agreement conditions which define copyright as well as restrictions of use which are enforceable. If you received this document from any other source than SBSmigration.com, please contact us to obtain a fully licensed Swing It!! Kit of your own, the complete related documentation, services and total value intended. Swing It!! Kits are licensed per technician, therefore our services and support are extended only to the original purchaser.
SBSmigration.com understands your need to protect your investment in the tools and documentation provided in your Swing It!! Kit. We consider it fair and reasonable use for you to make as many backup copies of any of these items as is necessary to protect yourself from loss or damage. We also understand that you may wish to maintain multiple copies for the purpose of keeping references and tools in more than one location you can work from in the course of a project, or on more than one device, or for continuing use. We expect at all times that you would have the thought in mind that each copy you make is either for a backup to protect against loss, or a copy you have made to facilitate your active work process, but for no other reasons. Leaving copies for others to use is not a permitted use.
You may not place any hard copy or electronic copy of any portion of a Swing It!! Kit
documentation or tool (or tool code) in a location that provides anonymous access.
You may not store or locate the Swing It!! Kit tools or documents in a manner which encourages, or permits violation of the license agreement or copyright such as with file swapping technologies.
Under no circumstances are you permitted to abstract portions of this document and share
them with anyone else, without obtaining specific and written authorization from SBSmigration.com for that purpose, and on that occasion, such as for a periodical review. This means that posting sections of documentation to the Internet or public network, or a chat room, or a private network are all examples in violation of our license and copyrights because they do not represent a backup or reasonable use.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 5
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 6
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Contents Swing Migration: How to Perform a Swing Migration
Part 1 Doc 1
Overview: How to Perform a Swing Migration
Understanding the Swing Workflow and References o Distinguishing between the Server Name References Used o Summary Timeline Considerations o Pre-Upgrade Disaster Recovery Precautions
Phase 0: Migration Notes & Server / Domain Audit
Review of Your Domain and Existing DC Confirmation Phase 1: Existing DC and Domain Preparation
Prepare the existing Domain and Production DC Server Configuration Prepare Your Migration Notes and Automated Migration Tools
Phase 2: Transfer AD from the OriginalDC to TempDC
Step A. Install a clean baseline of Server 2003 only (SBS 2003 Media) Step B. DCpromo to establish the server as a new DC in the existing Domain Step C. Root Domain Management Transfer/Seizure Step D. Perform Required Active Directory Cleanup of Exchange Step E. Remove Domain Controller entries: AD, DNS, WINS, DHCP Step F. TempDC Pre-Setup Housekeeping Preparations Step G. TempDC Exchange Installation
Phase 3: (This resumes in Part 2)
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 7
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Contents Swing Migration: How to Perform a Swing Migration
Part 2 Doc 2
Phase 3: SBS 2008 Setup: Join to Domain from TempDC to FinalDC
Step H. SBS 2008 Join to Domain Installation Phase 4: Post-SBS 2008 Setup Tasks and Customization
Step I. Post-Setup SBS 2008 Configuration Step I. Server Applications and Customization Step I. Strategic Migration Testing
Phase 5: Transition: Exchange, Data, and Shared Network Resources
Step J. Exchange Information Store Transfer o Stage 1: Exchange Forklift Compliance Review o Stage 2: Store Forklift Transfer and Mount o Stage 3: Reset Exchange Configuration Bindings to AD and Clients o Stage 4: Exchange Mailbox & Public Folder Migration
Step K. Additional Final Server Configuration Issues o Migrating Data Files o Migrating Shared Folder Definitions o Migrating SharePoint CompanyWeb o Shared Printer Configuration o Shared Fax Configuration
Step L. Additional Final Server Configuration Issues o SBS Premium and Line of Business Applications
Step M. New Server Final Deployment o Workstation Connectivity o Outlook Configuration and Synchronization o Connect Internet Wizard o Enable SMTP Email Flow from Internet o Configure User Roles Wizard o SBS 2008 Group Converter Utility
Step N. Decommission TempDC Server Tasks o Remove Exchange Routing Group Connectors o Remove Recipient Update Service Objects o Remove Public Folders Store and Mailbox Store o Uninstall Exchange Server Application o Demote Server Using DCpromo o TempDC AD Object Removal
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 8
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Overview: How to Perform a Swing Migration
In the simplified diagram above, you should immediately observe why this is called a Swing Migration. Notice that we use a third DC temporarily as the pivot point in a Swing of moving Active Directory. The AD is shifted using normal Windows Domain Controller replication. Since that TempDC isnt needed permanently, we dont need additional licenses or care to use a production server for this purpose. This becomes clearer as you review the balance of the overview that follows. Active Directory is the only content moved from the OriginalDC to the TempDC in Phase 2. Therefore your OriginalDC remains in production, unchanged by the construction at that point. The TempDC cleanup and further configuration tasks proceed offline, even offsite for Phase 2-4. The key change in Swing Migration for SBS 2003 to SBS 2008 projects is driven by the need to transfer the Exchange 2003 Information Store via the TempDC. Therefore, during Phase 5 the Store is moved onto the TempDC allowing the mailboxes to be migrated over individually to the FinalDC. This means that the TempDC is not removed from the construction configuration until the end of Phase 5. Just keep in mind that the Exchange Store remains on the OriginalDC continuously into Phase 5, and only at that point is the data moved rapidly across the TempDC into the FinalDC.
Figure 1 Swing Migration Simple View
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 9
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
We start now with an orientation on the technical path of construction preparations and implementation. Take a look at the pictorial flow illustration in summary. If you dont see the logic immediately, dont worry. The next few pages go step by step through the technical procedures to highlight individual phases of construction. The main point shown below is that the AD migration and server construction moves on a separate path, the loop around the bottom, followed later by the data migration as the final phase of construction.
If you are already familiar with Swing Migration from having worked a project to migrate to a 2003 platform, you likely will be interested in the summary comparison of that project outline compared to the 2008 series project path. On the other hand, if this is your first introduction to Swing Migration, dont be concerned about analyzing the next section to closely, you will find its followed immediately with a beginners introduction to the Swing Migration project path, you wont need any prior experience to follow that explanation.
Figure 2-1 Swing Migration Overview Illustration
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 10
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Comparing the Swing Project Series: 2003 vs. 2008 Platforms Note: This section is specifically for those experienced in doing a Swing Migration with the 2003 Series projects (that conclude on a 2003 release platform) vs. this project scenario for migration to SBS 2008 platforms. Swing Migration for SBS 2003 to SBS 2008 follows similar logic to past project outlines in Swing Migration to conclude on a 2003 platform. However, to incorporate the migration to Exchange 2007 we also have some additional tasks added. In the original 2003 Series migration the TempDC was only used for just that, a TempDC. Within the logic of the 2008 Series migration the TempDC is employed again initially only as a TempDC during Phase 2. But the new concept is to use it as well as a bridge in the transition of Exchange data in Phase 5. This means it remains attached to the FinalDC all the way through until Phase 5. This is because at the end of Phase 2 we now also install Exchange 2003 on the TempDC. That prepares the Active Directory and for the Exchange Information store to be migrated across the TempDC Exchange 2003 into the FinalDC Exchange 2007. This change is required because Exchange 2007 does provide compatibility to Forklift the Exchange 2003 version Information Store onto Exchange 2007the database formats are now different. In addition, Exmerge has been eliminated with Exchange 2007, and an import from PST combined with PST export is time consuming and a challenge with larger mailbox sizes common today. Not to worry, the Exchange-Swing Migration works quite efficiently, but will require some time depending upon the size of the store. The procedure outlined here identifies how you can address Phase 5 as a Forklift the Exchange 2003 store quickly from the OriginalDC onto the TempDC, then cleanup that stage of work using a new tool that comes with the Kit: ExchSwingTool. Using ExchSwingTool you can mount the original store on the TempDC and take the option to either move for interim production use of that combination of TempDC with Exchange 2003 and FinalDC with Exchange 2007, or working offline you could transfer the mailboxes over to the Exchange 2007 before going live with the FinalDC. Once you have completed the mailbox migration you can decommission the TempDC Exchange Server installation and decommission the TempDC just as Microsofts Migration Mode documentation outlines to do. As a summary perspective on the Exchange Migration, this process of Swing Migration with the TempDC allows the OriginalDC to remain completely unchanged for the entire project. Yet at the point of transition you can quickly move an intact Information Store to the TempDC with your choice on procedure to transfer the mailboxes exactly as Microsoft defines in their documentation. The difference is that we have the OriginalDC unplugged, unchanged and nothing to undo if we need to roll back. If you keep the Exchange 2007 server offline from the Internet, you have full rollback options with no changes required. Keep in mind that these concepts also preserve the option to fully prototype test this deployment scenario offline, using a copy of the originalDC information store for you test. You can test all the way to the end of Step M, with only the decommission of the TempDC remaining. Thats a huge value in preparations! Swing Migration remains the best option that is repeatable and consistent with Microsoft Migration Mode construction, yet vastly more convenient, predictable and transparent in results. And as the bottom line for consults, you retain the convenience to do most work offline, offsite, nothing to undo.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 11
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
4 Phases of Offline Constructionthen 1 Data Transition Phase You can review the pictograph extending across the next several pages to identify how the project flows through the various phases of construction. We start with a pictograph, followed by a chart step summary.
Build Offline: Phases 1- 4 Existing DC and AD Domain Analysis Audit Namespace Verify DNS and AD
Health Configuration
Corrections Prepare Deployment
Notes
Data Transition: Phase 5 Exchange Forklift to
TempDC Exchange transfer to
FinalDC Data Transfer from
OriginalDC to FinalDC as backup then restore
Substitute FinalDC for OriginalDC in production LAN
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 12
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Phase by Phase Review
Phase Zero Health Analysis Review on Existing DC and AD Domain Audit Namespace Verify DNS and AD Health Configuration Corrections Prepare Deployment Notes
Phase 1 Existing 200x DC Server Preparation Update Service Packs Upgrade Compliance
Configuration Changes
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 13
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Phase 2 Build Win 200x TempDC using temporary hardware or Virtual PC/Server Install Baseline Win
200x Configure Network
Adapters DCPromo to DC Verify DNS and AD
Health Cleanup AD Directory
removing all other DCs Cleanup Exchange in
Active Dirctory Remove Domain Trusts Remove DNS
references Clean Install of
Exchange 2003 on TempDC
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 14
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Phase 3 Build SBS 2008 on Final Hardware using SBSAnswerFile SBS 2008 install in
Migration Mode On construction LAN,
setup performs join to domain with TempDC
Assign Name and IP matching original server to be replaced
SBS 2008 Setup completes standard installation sequence
Phase 4 Finalize SBS 2008 Post-Setup installation of Applications and customization Complete required SBS
2008 post-setup specific installation tasks
Install any Windows and Applications, Service Packs or customizations
Complete all configuration which can be done without data migration
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 15
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Phase 5 Transition of Client/Server applications and data including Exchange Information Store Forklift transfer via TempDC Production shutdown
begins for transition to new server
Transfer data via backup and restore onto new server
Forklift Exchange Information Store via TempDC, mailboxes transition into new Exchange 2007 Information Store
ExchSwingTool makes adjustments/repairs to Exchange Mailboxes to resume normal operations
Transfer any additional applications such as Sharepoint, SQL, or Line of Business applications
Return to production operations on new server
Deploy client applications or updates as needed
Decommission TempDC
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 16
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Swing Migration Benefits Continuing with the tradition of safe construction offline, and transparent replacement procedure for the new server, Swing Migration for SBS 2003 to SBS 2008 provides the following benefits:
Same Domain Name (and SIDs) Same Server Name and IP Same Information Store intact No Impact to Workstations or User profiles Business online during construction Work offsite and/or offline, open timeline Nothing to undo migration in progress
Notice that all of the critical path construction and compliance for the migration is performed offline, without making changes to the production domain or server. In addition, all of the data migration tasks can be fully tested with trial data in advance if you prefer to level of planning. Once you are satisfied with the migration results you have tested offline you can commit to a predictable transition online.
Swing Migration Workflow Benefits
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 17
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Understanding a Typical Swing Workflow and Server References
Server Name References Swing Migration is described in this documentation as a project with the goal to replace one existing server with a new server retaining the same name and providing the same application services. This documentation assumes that this server is both a Domain Controller and an Exchange Server, and it typically is also your internal network DNS Server. The server name references in this documentation refer to the respective servers instances according to the following logic:
Server References in this Documentation
OriginalDC This is the existing server you are replacing
TempDC This temporary DC is an interim construction machine, not sold or licensed, really just a tool in the process
FinalDC This server is the goal of the project, its what you put into service Distinguishing between the Server Name References Used OriginalDC I refer to this generically as your existing DC, or perhaps as your existing OriginalDC. If you have only one existing server, this would be the originalDC. If you have several servers being replaced at once, we normally think of the OriginalDC as the root DC with all the FSMO roles. If you are consolidating servers down to fewer servers, the OriginalDC is typically the one you are preserving with its original name retained. TempDC The TempDC is the server used temporarily to obtain a copy of the Active Directory off the OriginalDC, its a core part of why this project works offline. The machine holds AD in our offline construction to facilitate the cleanup swing steps removing the OriginalDC objects in AD. You construct the FinalDC server by bringing over a cleaned up copy of the AD, and you will deploy to replace the OriginalDC with this server.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 18
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
FinalDC The server you deploy permanently with the same name as the original server is the FinalDC, and typically this machine has the same name as the previous one. Deploying a FinalDC with a different name adds complications to the project process, so its not a normal project path, though it can be done. More about the TempDC Ive chosen to refer to the temporary DC we construct in Phase 2 as the TempDC, while calling the final machine you intend to deploy as the FinalDC. The TempDC is needed through Phase 5 to facilitate the migration of the Exchange Information Store. This can be an excellent application for virtual server. In some cases, you may be introducing a pair of new servers as part of your project. If one is intended to be a permanent Exchange server and DC, you might use it for the TempDC. Otherwise, using a truly temporary server installation is preferable. For a typical TempDC, theres no value in getting creative since the machine identity will be completely removed from your Active Directory before the end of the project. You are encouraged to use the name TempDC, or TempDC01, TempDC02 if you need to iterate the project starting over in Phase 2.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 19
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Swing Migration projects provide some unique benefits, and heres where you will see several. OriginalDC To do this project path you dont need to update your OriginalDC to the latest service packs if they are not already installed. Our project path allows us to address the service pack preparations only on the TempDC and only for what we require in our minimal installation. Conspicuously missing below is a requirement for SBS 2003 SP1, its not required. We avoid this problem because our TempDC doesnt have the same service pack preparations as an SBS 2008 server join would involve, thus the construction is simpler and the preparations issimpler. TempDC Our typical project construction allows us to address just current Windows 2003 and Exchange 2003 updates on the TempDC. Even if you are using SBS 2003 media for construction of the TempDC, our construction path doesnt require a fully SBS 2003 installation, only the Windows and Exchange application media is installed from the SBS media. Without installing the additional SBS features we dont need to address the full suite of service packs for all those features we have no use for in our purpose. This avoids and saves you at least 2-3 hrs construction that was non-essential for a TempDC. The Kit tools provide a simple workaround against the SBS 2003 SP1 requirement blocking your setup experience.
Preparation: Original (Existing) Server Supported Media & Requirements
Existing Server: Media/Platform Prerequisites Service Packs Required
2003 Platforms: SBS 2003 Server Media (pre-R2 or R2)
Platforms: Standard or Premium Edition SP Release versions: All Media Source: All
Windows 2003 Server Media (pre-R2 or R2)
Platforms: All SP Release versions: All Media Source: All
Windows 2003 Any installed service pack
level supported (no update is required)
Exchange 2003 Any installed service pack
level supported (no update is required)
SharePoint 2.0 Update to SP3 prior to
moving the database
SBS 2000, BOS 2000 or Windows 2000Platforms: All Release versions: All Media Source: All
Exchange Server 2000 or 2003
Platforms: All Release versions: All Media Source: All
Windows 2000 Service Pack 4
Exchange 2000 Service Pack 3
All Media Source includes: OEM, MOPL, Retail, MSDN, Action Pack or Trial media
Service Pack & Platform Version Requirements
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 20
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Construction: TempDC and FinalDC Supported Media & Requirements
TempDC Installation Media Phase
Recommended: SBS 2003 Server Media (pre-R2 or R2)
Platforms: Standard or Premium Edition Release versions: RTM (Gold) release Slipstreamed SP2 Media Source: All
Windows 2003 Service Pack 2
Exchange 2003 Service Pack 2
Recommended: Windows 2003 Server Media (pre-R2 or R2)
Platforms: All Release versions:All Media Source: All
Exchange Server 2003 Media Platforms: All Release versions: All Media Source: All
Windows 2003 Service Pack 2
Exchange 2003 Service Pack 2
Compatible but not recommended: Windows 2008 Server Media (pre-R2)
Platforms: All Media Source: All Note: Windows 2008 media is not recommended for the TempDC unless you are already running Windows 2008 DCs in the production domain. The Kit documentation does not include instructions for Windows 2008 specific issues.
Windows 2003 (32-bit) Any installed service pack
level supported (no update is required)
32-bit platform required to host Exchange 2003 for Information Store transition
All Media Source includes: OEM, MOPL, Retail, MSDN, Action Pack or Trial media
FinalDC Installation Media
Required: SBS 2008 Server Media
Platforms: Standard or Premium Edition Release versions: All Media Source: All
Exchange 2008 (Warning!) Service Pack 2 installed
as an update on SBS 2008 will break functionality without other post installation tasks.
All Media Source includes: OEM, MOPL, Retail, MSDN, Action Pack or Trial media
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 21
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
It used to be that you could talk about the hardware requirements for installing a server and actually be talking about, well, hardware. Times are changing. For the traditional explanation of hardware requirements for installing SBS 2008 as well as for a Swing Migration construction of a TempDC, please use the suggestions just below. These are intended for interpretation to mean that there are no Virtual Server configurations involved as host or guests as part of this decision or analysis. SBS 2008 Hardware Requirements (FinalDC)
Hardware Minimum Requirement
Processor 2.66 GHz 64-bit (x64)
Physical memory 4 GB (8G Recommended)
Storage capacity (System Partition Requirement) 60 GB
DVD drive 1
USB Port Recommended for Setup
Network adapter One 10/100 Ethernet adapter (1Gbit Preferred)
Monitor and video adapter Super VGA (SVGA) monitor and video adapter with 1024 x 768 or higher resolution
Network devices One router that supports IPv4 NAT or IPv6
Optional network devices Device required by your Internet service provider (ISP) to connect to the Internet
One or more switches to connect client computers and other devices to the local network
Source: (Microsoft) SBS 2008 Release Notes June 2008
Using Virtual Servers for SBS 2008 (FinalDC) This information provided is not intended as optimization information. This is provided only as a baseline recommendation as compared to the hardware specification above. You can assume that at least an additional 1 Gb RAM per VM should be provided on a minimally configured host (memory) partition in order to host the Virtual Server guest partition. Therefore you should add 1 Gb for the host, plus the memory environment for each guest OS you plan to use. Disk performance will generally be enhanced for the SBS 2008 running as a guest if you provide separate spindles for the host and guest operating systems to isolate disk activity.
SBS 2008 Server: Minimum Hardware Requirements
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 22
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
The illustration above shows a typical workbench arrangement that you might use for the offline construction in Phases 2-5. In addition to the SBS 2008 final server hardware, you will need some spare equipment for the construction phases. Using Spare Hardware for Construction Tasks Remember, a significant advantage of Swing Migration is that you can leave the production domain unchanged, you can work with your construction LAN isolated from the production domain. For IT consultants this includes the idea of doing the majority of the construction tasks in your office, not at the customers place of business. Typically you would like to have the following items for your offline construction:
TempDC A minimal 32-bit workstation class machine to load as the TempDC Consumer grade Network Switch/Router Connects the TempDC and FinalDC USB Hard Drive Convenient for backup/restore of data to FinalDC
Please note: The TempDC is not optional, its a requirement. The optional consideration is deciding what you want to use as the TempDC. It can be anything from spare workstation class hardware to a virtual server installation if you are familiar with using that technology. You can even substitute a spare hard drive into a workstation if you have no better option. Internet Access Not Required Swing Migration procedures generally endorse not connecting to the Internet during your offline construction. Its not required by the procedure, and as a general rule you would be better off to prepare pre-downloaded copies of any service packs or updates.
Offline Construction: Temporary Hardware Requirements
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 23
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Swing Migration: TempDC Hardware Requirements Note that this is not a permanent machine requirement; you can reasonably use a workstation class machine for this temporary use. The purpose of the TempDC machine used in a Swing Migration is described in the earlier sections on the Swing Migration phases of construction.
Hardware Minimum Requirement
Processor 700 MHz 32-bit (x32)
(1 GHz or above recommended for larger transfer operations above 8G Exchange Store size.)
Physical memory 512 MB (1 GB recommended)
Disk Partitions System Partition: 8 GB
Data Partition: Up total 120 GB for Exchange only
CD/DVD drive 1
Network adapter One 10/100 Ethernet adapter
Monitor and video adapter Super VGA (SVGA) monitor and video adapter with 1024 x 768 or higher resolution
As compared with Swing Migration to a 2003 final platform, the SBS 2008 project involves a significant change in the hardware requirements for the TempDC. The new requirement is to run the TempDC as a fully functional Exchange Server during Phase 3 through Phase 5. This is necessary to facilitate the transfer of the Exchange 2003 Information Store for migration to the Exchange 2007 server. This means that the trivial TempDC requirement for Exchange 2003 to 2003 migrations is no longer applicable, we need a machine with a reasonable amount of RAM. Using Virtual Servers for TempDC in Swing Migration The information provided is not intended as optimization information. This is provided only as a baseline recommendation as compared to the hardware specification above. You can assume that at least an additional 1 Gb RAM per VM should be provided on a minimally configured host (memory) partition in order to host the Virtual Server guest partition. Therefore you should add 1 Gb for the host, plus the memory environment for each guest OS you plan to use. Data Transfer to Final Server: USB Drive based Restore At no time will the OriginalDC and the FinalDC be connected to each other. The data transfer from your original production server should be handled as a backup and restore operation. Typically you can do this using NT Backup to a USB or similar transfer hard drive. The Swing It!! Kit describes the use of NT Backup as a convenient alternative however you should certainly use more efficient products for drive imaging if you have that option.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 24
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Swing It!! Kit Tools Tools to help with the References The table below outlines some of the tools you have available to take notes and assist you with review of your current server configuration. Details of how to make best use of these tools is summarized in Document 4 of the Kit, the Tools Reference.
Swing It!! Kit Tools
Server Transition Tools o ShareMig Shared Folder definitions/security are intelligently
recorded & re-established without duplicates or invalid entries Updated! o DNSPurge Locates and removes all DNS records related to
a specific server for faster, accurate cleanup. Updated!
Summary Notes and Status
o PrintDef Report all Printer Definitions Settings o MailAddyAll Report all email addresses by user/group Updated! o DialinBy Report all users Dialin permission status o LgnScrpt Report User Logon/Profile Legacy Settings o EventDmp Click to export all Event Logs at once Updated!
Individual User/Group Analysis
o GrpNest Report nested group memberships for a User o AdminSID Report Root Admin & Admin Group memberships
Username/SID by domain or local station
New Tools for SBS 2003 to SBS 2008!! o SwingIT AnswerFile Tool Generates a default
SBSanswerfile.xml file ready for Migration Mode and including defaults obtain for your existing server
New!
o ExchSwingTool Resolves Orphan Mailbox, mismatched attributes and public folder issues
New!
o DcGpoVerify Detect, optimize, & correct flawed DC Security Policy conditions or orphan SID references
New!
o SwingItPreSourceTool Prepares your domain configuration prior to running SBS 2008 setup New!
o ExchPfReport Analyzes and recommend public folders for required cleanup actions New!
o GPO_Review - Analyzes and recommend Group Policy Object required cleanup actions New!
Important: To run these tools you must rename them after you download them. The filename must be changed from .V_B_E to .VBE in order to execute them. Please see the note on the following page for more details.
-
Page 25
Copyrigh Swing It!! T
Hints on Just belowsuggestioexample b
How t
ht 2004-2009 bTechnician Kit
n When to u
w you see a tyon hint box mabelow is worth
Swi
Swing incremea simplesimulta After yomuch ththem, o
Impor
Renam The toolthem fro To use tcharacte
Thereforsuch as
(In case Once thesome ad
o Perform a
by SBSmigratio Documentatio
se Tools
ypical reminday also be fouh noting as a
ing It!! To
It!! Kit Tooental progree way to crneously, wi
ou export thhey compreor send the
rtant Note
me the To
s provided wom false-posit
the tools you ers from the fi
Downloaded Use them as
re, as a convec:\swingit, the
Ren C:\swin
you wondere
e tools are redditional docu
Swing Migra
on.com on
der that will beund inline to avaluable sug
ols Tip
ol EventDess while preate a recoith a single
he logs withess using Wlogs by em
: How to U
ool Filena
ith the Kit aretive deletion b
must renameile extension.
d name: [too
s name: [tool
enient solutioen from a CM
git\*.V_B_E
ed, it doesnt
enamed, they umentation on
ation from 20
e offered as aa task page wggestion. You
Dmp can eaerforming aord of all yoclick.
h EventDmpWinZip or simmail.
Use Swin
me to .VB
e names that eby antivirus sc
e them to rem For example
lname].V_B_
lname].VBE
on, you can coMD prompt run
C:\swingit\*
matter if the n
execute with n tools in Doc
003 to SBS 2
a suggestion fwhen appropri
really will val
asily help yoa new instaour Event Lo
p, you may milar tools
g It!! Tool
BE
ends in .V_B_canners.
ove the undee:
_E
opy all these fn the followin
.VBE
name is uppe
a double-clicc4 of the kit.
008
for a tool you ate. By the wlue the Event
ou documellation. Thisogs
be surprisein order to
ls
_E to protect
erscore
files into a sing command:
er or lower cas
ck. You will al
can use. A sway, this partic
DMP tool!
ent your s tool is
ed how archive
ngle folder,
se.)
so find
imilar cular
-
Page 26
Copyrigh Swing It!! T
No
ReplacingAs a pracin this prosingle DCand ExcchallengpreserviServer i
Changingmore tranchange th
possible brway th
Server GroYes, you cto replace having the performingconcurrent
How t
ht 2004-2009 bTechnician Kit
M
ormal 1:1 M
g One Server wctical reality, yoocess, or you mC) environmentchange Server ge in this projecng the original if they are to beg the name asssparent, but do
he name of the reak many UNChat will aggrava
Consolida
oup Replaceman apply the saa group of servsame identity.
g a hardware upt upgrade to the
Server Re
o Perform a
by SBSmigratio Documentatio
Multi-Serv
Migration
with More thanu might be rep
might be expandt to have multipservices on moct is to determinserver name o
e split across msociated with thoes involve somDC and it is alC path designaate the staff, or
ating
ments as a Setame theory of Svers with a newIn that proces
pgrade only, ore servers at tha
?? name
Swing Migra
on.com on
ver Swing
ReplacIn mostone eximore thExchanyour thithat onethe sam
n One Serverplacing more thding from a sin
ple DCs or a spore than one Dne if you benefon the DC or thmore than one he Exchange Sme additional cso a file/print sations at the woeven break ap
BringinThe samname cfolks wicurrentprocess
t Swing Migratiow group of servs, you can be r even do a at same time.
No SerI get thiTempDControland all candidayou readirectio Swing Mnever reor partiafor the you simprefer a
ation from 20
g and Wor
cing One Servet projects involvsting Domain C
han one existinnge and Domaiinking slightly. e server in part
me name as the
an one server ngle-server (or plit of your DC C. The main fit more from he Exchange new server.
Server can be cleanup. If you server, you will orkstations in applications.
ng Many Serveme issues disc
change, you haill want to retainly use, both to s, but here you
on vers
rver Rename ais question all t
DC? Im firmly clers, Exchangethe other depe
ates for a renamally cant save mon.
Migration neveename a serveally configurednew replaceme
mply construct tas you are build
003 to SBS 2
rkflow Var
er with One Seving Swing MigController befog DC, or if youn Controller opThe documentticular is being e previous one
a
ers down to Ocussed above aave to clean up n the actual prokeep it familiar
u have to comp
Multi-S
as a Step, we cthe time: Why c
convinced that se Servers, Webendencies involme. Its just notmuch if any tim
r applies a techer by literally ch server. For anent server to hathat new serveding it.
008
riations
erver gration, you likere the project s
u have separateperations, you wtation is based replace by a n.
Explodi
One Server apply in reverse
the impact. Oboduction server and to minimiromise.
Server Sw
can build withcant I just renaservers that arb Servers, Shalved at once art predictable. M
me trying to pus
hnical rename hanging the actny project wherave a different r using the diffe
ely have only thstarts. If you hae servers for yowill need to aligupon the prem
new server usin
ng
e. If you force abviously most
er name you ze the technica
ing
h New Name ame the re Domain repoint Serversre not good More importantsh a project in t
process. We tual name of a re your strategyname assigneerent name you
he ave our gn
mise ng
a
al
s
ly, this
full y is d, u
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 27
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Conventions in the Documentation Inline Warning, Tips, and Comments
Many references (that are not part of the actual workflow steps but are related to the situation in progress) are highlighted as sidebar information, in-line to the document steps. Each type of in-line reference includes a unique appearance (box style and color), and labeled to identify the importance it carries. Some of these entries are embedded in the Task Box format, others are standalone because they relate more to a point in the project than a technical aspect of a specific Task. As an example of a standalone comment, the Expert Tip shown below provides additional information about using ADSiEdit and NTDSutil, warning that these are very dangerous command to use on live Active Directory information. Hopefully you already realize this point, but this caution is presented here, both as an illustration of an in-line comment, and to reinforce that very point. Be careful with these tools!
Expert Tip
NTDSutil and ADSiEdit are Efficient Killers And yet, we will use them. You never see a Microsoft KB that discusses the registry editing tool Regedit without a very scary looking warning to the effect you could kill your computer with this tool, so dont blame Microsoft. Okay, its a little less blunt. Nonetheless, during this migration we dont use Regedit specifically, but we do use two other tools that make Regedit look like a beanbag weapon. NTDSutil and ADSiEdit are two of the most efficient killers of Active Directory you could ask for. Any mistake you make with these tools in a production environment would be potentially lethal disasters. Since we work offline with these tools, we have the safety of starting over, but thats about all. You should be prepared to start over from the beginning if you make a mistake. Better yet, dont make a mistake, and be certain that you read the entire step description Ive provided, and understand it fully before you press Delete! There is no Undo command here. Familiarize yourself with the process before you start to use these tools.
On the following page is an illustration of a Task Box with an explanation of the layout it provides to help you move quickly through the indicated tasks, plus some inline comments to emphasize special issues.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 28
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Understanding the Task Frame Page Layout of this Documentation Please take a moment to review the frame below, it illustrates and explains how the documentation is formatted to make it easier for you to get more or less detailed information on every task. Note that not all Task Frames in the documentation have all of these elements. In fact, most have far fewer elements. Task # Instruction Reference Context that Applies
What This Task is All About at a Glance
Background on Why you have a particular task to do now, and information that helps you to understand if it applies to your circumstance. You probably dont need to read this section after you have done at least one project, or only if an unusual condition you have not encountered before should arise.
Important Concern
Important points that need special consideration for any project are highlighted. These tend to be very critical points you must pay attention to because if you get this wrong, you probably could end up having to redo some or all of your work, or even become blocked in this task.
Media/Tool Requirement
Media A Some tasks involve either installing a tool, or an outside resource that may be available on your original Media.
Media B In some cases, you will have different media requirements with different version of Windows.
Tasks
KB 325379
How to do this Task This section will describe the actual required task steps. Typically the steps are numbered or contain bullets to help you proceed in an orderly manner. In most cases, this section is the minimum requirements for the task. If you are familiar with this task, you probably dont need to read the Why information, just the actual steps. 1. Preparing to work a Swing Migration project the first time, you probably will be
interested to review the WHY information as well as each of the inline comments and alerts. Its educational, and I believe it helps you to remember the process.
2. Once you are familiar with the project steps, you may find that with only a glance at the title block you will know WHAT you need to do. Like any newspaper or journal, this is a headline to frame the entire topic in summary.
3. You may notice the comments sidebar to the left? In addition to label for the Expert Tips, Important Concern or Media/Tool Requirements notifications, look here for Where external references such as Microsoft KBs are cited if you want to troubleshoot something further on background references I have used, or that relate to the process.
Expert Tip The Expert Tips are generally optional information that offers optimization hints or tricks. Occasionally these may do nothing more than remind you to beware for common mistakes other have made, or assumptions you should avoid.
Technical
Background
Technical Background sections are purely educational, and opportunity for me to fill out more information than you need for the task at hand, but that either sketch in the details of the underlying logic of what you are working on, or frame the project with a different perspective. You may find references to or abstracted information from a whitepaper describing a related or alternative approach to a project step.
-
Page 29
Copyrigh Swing It!! T
How Mu A lot of issjust underthat much I try to chaand knowwork:
12
3
That geneproject tak
How t
ht 2004-2009 bTechnician Kit
ch Time Do
sues can shar an hour or oh time alone. A
aracterize thewing your own
. Time requ
. Time requadditional customizat
. Time requhard drive,
eral summarykes a bit long
Impor
Summ I strongwithin a It is veryless thantime as w
o
o I am notcontraryopen-tim Swing Mthe projeeven if yHoweveone of th
o Perform a
by SBSmigratio Documentatio
Summ
oes a Swing
ape the timelinover ten hoursAn estimate o
e project scop unique cond
ired to performired to build aapplications, tions. ired to transfe, plus the Exc
y could be ester as you are
rtant Proje
mary Sche
gly encouraga fixed comp
y likely that mn 16 hours, awell, provided
A very well cocomplicationsA familiarity w
t trying to scay, I think most meline constru
Migration is noect path is thayou make a mer, the open timhe core benef
Swing Migra
on.com on
mary Tim
g Migration
ne. For instans, right? Unfoof 5-10Gb/hr.
pe in a simpleitions. Look fo
m the Swing sa new SBS 20anti-virus pro
er the data viachange Inform
timated as mie just learning
ect Note
edule Rec
e you not to letion deadli
ost people cand that manyd you have ei
onfigured ands with many of t
re anyone int anyone can uction and tes
ot hard, but it at you can alm
mistake in youmeline is not fits in your su
ation from 20
eline Con
Project Req
nce, the amourtunately, macan apply on
e manner you or the time re
steps includin008 server frooducts, line-of
a a backup anmation Store m
nimum of 12-g and working
commenda
choose youine of 3 days
an finish their y can completther:
d healthy exis
the technical
to believing thlearn the procsting.
is detailed drmost always sr steps, withoonly a benefipport options
003 to SBS 2
nsideration
quire?
unt of data yoilbox and pub
n the Exchang
can relate to equired to be t
ng the TempDom bare metaf-business ap
nd restore semove from Te
-15 hrs, thougg your way thr
ations
r first Swings or less time
second Swinte their first m
sting productio
concepts of d
his is too difficcess and app
riven project wstart over at aout starting bat for you work
s.
008
ns
u need to moblic folder migge Information
based upon the sum of th
DC constructioal to completiopplications, an
quence usingempDC to Fin
gh you may finrough the pro
g Migration e in advance
ng Migration inmigration in tha
on server with
domain/serve
cult to learn. Opreciate the va
work. A uniqua midpoint of pack at the verking in this wa
ove could requgrations can tan Store move
your experienree stages of
on and cleanuon, add any nd preferred
g media such nalDC.
nd your first cess the first
.
n at
hout
er migrations
On the alue of
e feature in progress, ry beginning. ay, its also
uire ake s.
nce f
up.
as
time.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 30
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
How Much Operations Down-Time is Involved When you perform a Swing Migration to replace an existing server with new hardware, 95% of the project tasks are performed offline and in advance of that transition point where your production domain must be taken down. Thats the point where your new server is fully constructed and you now only need to move the data over. In most cases, you more likely will take several days or a week to complete the server construction, but you can take a month if you need to. You have the option to approach the project construction time separately from the downtime as long as you are bringing in new hardware as part of the project. You can prepare the server and then schedule the transition for when its convenient. The crucial timeline pinch is the impact on productivity when you reach Phase 5 and proceed to shutdown for transfer of the Exchange and all data. In a Swing Migration where a new server is being deployed, this period determines the apparent migration time as seen by business operations because they remain in operations for all construction in the preceding time. Everything else is fairly transparent to the business operations and staff. With some experience and familiarity to the process gained, its possible to complete a full production migration, including 3rd party apps with all work completed in one long day, with data migration and interruption to the business operations following that. You might be able to handle the data migration overnight, but this may be optimistic. Practicing the project is the only way to really know the time needed. Time Required for a New Installation back onto the Original Hardware? This is the least optimized project, but its still a pretty good solution. If you are redeploying the same hardware, with or without a product upgrade, you cant work very far into the Swing Migration before you need to shutdown the original server. Its quite simple: you need the hardware for the balance of the construction. The construction time is pretty much the same as before, but you are no longer working offline, and you lose the option to put the old server back online unless you do significant disaster recovery preparations. Therefore, the disaster recovery steps in advance also add to your timeline.
Important Documentation Note!
You Have 21 Days to Complete Your Migration
SBS Product License Enforcement begins in Phase 3 Microsoft designs SBS 2003 and SBS 2008 to enforce that only on SBS server may operate permanently in a singled domain. The time limit for concurrent operations of 2 or more SBS servers is 21 days. The 21 day period countdown begins on the date you initiate the Migration Mode segment of the construction of the SBS 2008 by joining it to your SBS 2003 based domain. This corresponds to the Phase 3 construction tasks in a Swing Migration. Please refer to that section of this documentation for more details on this topic if you are concerned you cant complete your project within 21 days.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 31
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Pre-Upgrade Disaster Recovery Precautions What follows here are recommend incremental risk analysis regarding the steps we are performing, not a full risk analysis of the business operations overall. (Note: If your project requires redeploying the original hardware, most of these points become critical. You will need a full disaster recovery plan for the entire project.) We have two perspectives on making incremental backups during this project. Obviously the highest priority is to protect against a catastrophe in the production operations. Amazingly enough, its actually possible to work the entire project with no extraordinary or extra disaster recovery preparations provided you are replacing your hardware, and you start with a System State backup to start Phase 1, and an Exchange Online backup to flush the logs, followed by an offline transfer of the files. The old server drives may be all you need as your disaster recovery backup! The second perspective: Protection against losing project progress time. You will find numerous points in the project that identify make a system state backup. This allows you to repeat a sequence of tasks if you have a construction problem. This can save you hours of reconstruction work.
Prior to Phase 1 A System State backup prior to starting is sufficient. You might be comfortable just to confirm the previous nights routine System State backup was successful. We install Service Packs, remove the Exchange Server Instant Messaging if its present. The balance is just preparing notes. If you are very conservative, you may want to make a full system recovery backup in preparing for an Active Directory recovery, assuming you are preparing for the very worst case scenario in the Phase 2 steps as well as the Service Packs.
Phase 2 (Steps A & B) The production domain is only involved during the initial steps of this
phase. During that brief period, we are connected just long enough to add our new Domain Controller to the production domain, replicate AD to it, then we disconnect. We never need to reconnect again. This step generally isnt a high-risk process. Therefore, a System State backup is usually sufficient for disaster recovery. A full AD rollback is probably not anticipated, but we will be adding a DC and DNS changes affecting AD. Technical information on how to back-out the changes to the production domain without requiring an Active Directory restore has been included here.
Phases 2 (Steps C and later) though Phase 4 At this point, we have moved to working entirely
offline, detached from the production domain. Its not necessary to do any disaster recovery process since you are working offline with a clone of the AD, the worst you can do to yourself is kill your AD or your offline DC and need to start over. The production domain isnt at risk, so this is quite safe, and efficient. Yet at the end of Phase 2 a System State backup is critical for roll-back. You may need to repeat Phase 3 more than once to get a clean installation report.
Phase 5 This is the transition point where we are ready to migrate the data and remaining
configuration. Your original server is your backup, plus whatever backup of that you have, because the original server is never introduced to the new one, it has remained unchanged.
Suppose that you are starting your Server transition for a Saturday morning, and you know you got a good complete backup of the production SBS the previous night. If nothing else, you could disable the Internet connection to make a final backup of Exchange before you shift the servers. The backup from the night before would presumably including System State, Online Exchange Stores with logs flushed, and all data files. You might move the backup device over to the new server and do the restore of the data files, but not the Exchange stores (we cant do a restore that way). The Exchange Stores could be migrated to a portable disk drive to transfer a copy over to the new server.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 32
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Phase Zero: Migration Notes Preparation
and Domain/Server Audit
Figure 2-6 Phase 0 Domain and Server Health Evaluation
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 33
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Why a Phase 0? Project Planning and Health Review
You may be wondering, why have a Phase Zero, why not start with a phase one? The answer is that your migration tasks specific to this one unique project start in Phase One, but for now we are just going to confirm the health and configuration of the existing environment. As you begin with Phase Zero, you will make as close to zero changes as possible to your existing production server and operations unless you find that your existing Domain Controller is actually non-standard or unhealthy. Obviously, you want to start with a healthy server whenever possible. More importantly, the health check we do is intended to ensure that when you begin Phase 1, all the minimum conditions to succeed with the project are met. Once you confirm the proper configuration of the existing server, you will begin taking the notes you will need. One of the reasons for the note taking is also to confirm namespace and configuration details that are critical to your project. While this section isnt trying to walk you through process as theory, please dont be tempted to think Phase Zero is any less important that the five phases that follow it. An omission or oversight in this phase could result in a permanent condition that might lead you to work the entire project over again if you come to realize the error too late. Quite simply, if you dont go through the tasks in the section, you almost certainly will reach a point in the project where you are either stuck and the project halted in need of something you could have obtained from whats covered in Phase Zero. Even worse, you might impact upon a condition that prevents you from moving forward with the work you started without starting over or taking a different course. Phase Zero walks you through validating that you can anticipate a successful Swing Migration on this project, and helps you prepare the information you will need to have on hand as you go forward.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 34
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Phase 0 Task Outline & Checklist Preparations
Tasks Health Audit: Namespace Part 1 1 Namespace Compliance Audit Verify critical names for server, domain, applications
Tasks Health Audit: Server and Domain Settings Part 2 1 Network Adapter and DNS Configuration Ensure normal configuration for DC operations
2 Multi-Adapter/Host Environment NIC Bindings Ensure functional configuration is established
3 NIC Services Bindings Ensure functional configuration is established
4 Default Services Configuration Confirm required DC configuration and service conditions
5 DNS Server and Forwarders Verify DNS configuration and health
6 DC and Global Catalog Health Verify AD roles and DC resolution behavior
7 Administrator Default Group Memberships Audit for required & incompatible group settings
8 Minimum Required Policy & Rights Configuration Verify and update for required rights & permissions
9 SMB Signing Configuration Audit Verify secure channel communication and policy actions
10 Single Label Domain Name Resolution Validate proper domain name configuration requirements
11 Refresh and Audit Operations Review changes from previous revisions
Tasks Health Audit: FRS Operations Part 3 1 File Replication Service Health Audit & Repair Confirm health of critical replication operations
Tasks Notes Notes Preparation 1 Prepare Migration Settings and Reference Notes Baseline information for remaining project tasks
-
Page 35
Copyrigh Swing It!! T
What makto abando Microsoft Windows
How t
ht 2004-2009 bTechnician Kit
He
kes this sectioon the project
has introduce2000, as wel
Impor
Single What is Typical iwith a .L
Howevemean th
Single-laWindowActive D The maiblocks athe sam This is thWindow As an adfrom 200the use Exchang
o Perform a
by SBSmigratio Documentatio
ealth CheC
Serv
on critical is of domain/se
ed tighter naml as from Win
rtant Proje
e Label Do
a single-labe
in an SBS enLOCAL label f
Companyna
er if the Activeere is no peri
Companyna abel domain ns domain to h
Directory doma
n change moa single-label e as with Win
he only signifs 2003 doma
dded note, Fo03 version forof ADMT or Rge 2007.
Swing Migra
on.com on
ecklist: PCritical Naver, Applic
that incompaerver preserva
mespace restndows 2000 m
ect Note
omain Na
el domain nam
vironment is tfollowing the
ame.local illus
e Directory doiod in the full
ame without th
names shouldhave both a Nain name is 2
oving now intodomain name
ndows 2003.
ficant change ains or Exchan
orest Name Crward, therefoRendom tool w
ation from 20
Part 1 Eamespacecations an
atible or degraation, or alter
rictions in eacmoving to Win
ames: Bloc
me?
to name the Aroot name. Th
strates a com
omain name isforest domain
he .local is a s
d not be confuNetbios doma2-labels or m
o SBS 2008 pe. Other than
in Namespacnge 2003 org
Changes are nore a Single Lwhile still in W
003 to SBS 2
Existing e Audit nd Domai
aded namespr the path of th
ch increment ndows 2003.
cked from
Active Directoherefore:
mmon 2-label d
s only a singlen name:
single-label d
used with the in name that
more.
platforms is ththat, the nam
ce requiremeanizations.
no longer supLabel domain Windows 2003
008
Domain
n
pace conditionhe project ste
from domain
m Upgrade
ory domain
domain name
e label, this tr
omain name.
continuing feis one word
hat SBS 2008 mespace com
nts from proje
pported by Exis going to re
3 domain, pre
ns could lead eps.
s under NT 4
e
e.
ranslates to
.
eature of a , but the
Setup patibility is
ects with
change equire either e-upgrade to
you
.0 to
-
Page 36
Copyrigh Swing It!! T
How t
ht 2004-2009 bTechnician Kit
Ex Yodo Callout becliter TheSBS.LOAD recosimthis beccon Nobtech Nobdom
o Perform a
by SBSmigratio Documentatio
xpert Tip
ou do NOTmain nam
l it a myth or cthere on the
cause it is not ral name as y
e confusion orS 2000 refereCAL extensiodomain and pommends youply because yis their sugge
cause it doesnfuses it, but it
body should tohnically just b
body should bmain name to
Swing Migra
on.com on
T need to me to com
call it confusioquestion of reusing .LOCAour public do
riginates fromences and wizon as part of apublic facing u use .LOCALyou have to pestion. They ant really help t doesnt brea
oss out an execause it doe
be concerned the public do
ation from 20
revise anply with .L
on, there is juenaming an eAL in the domamain.
m some badly zard details. Itan SBS domaInternet domaL if you are crpick somethinalso recommesimplify your
ak it regardles
xisting domainesnt comply w
about matchomain name.
003 to SBS 2
n existing LOCAL
ust bad informexisting domaain, or is the s
worded docuts never beenain. Its also nain name matreating your fg when you send not usingr configurationss.
n or attempt towith .LOCAL.
ing or not ma
008
SBS
mation in just same
umentation in n critical to ha
not a problem tch. Microsoftirst AD domastart from scrag your public dn, and potenti
o rename it
atching the AD
the ave the if your
t in atch, domain ally it
D
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 37
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Here is a summary of what is covered in the balance of this section in more detail and included troubleshooting and workaround options to resolve established conditions you have inherited. Depending upon what you discover in reviewing that table, you may find that you will not be able to preserve you existing domain. Potentially, the complications or blocks are so severe, you might start over.
Namespace Summary Guidelines: Restricted Characters
Namespace Situation Explanation
Namespace Character for: o DNS Domain o Netbios domain o Domain Controller Servers o Exchange Servers
o Uppercase letters A through Z o Lowercase letters a through z o Numbers 0 through 9 o Hyphen
Exchange Server Organization Name o All characters as above, plus the space
character is allowed for natural text naming phrases with spaces included.
Most Compatible Domain Name (examples)
o Private.Lan o [GenericName].Local
(provided no Mac computers involved)
Namespace Guidelines: Preferred Naming Choices
AD Domain Name Conditions to Avoid Explanation
To avoid Mac computer complications, do not use .LOCAL
Requires additional configuration of the Mac computers to operate
Do not use the exact public Internet domain name (.COM) for your internal domain name, make them different.
Requires additional DNS record configuration to enable browsing a web hosted website by that name.
Avoid a literal business name for the internal domain name to avoid a future need for renaming it
Renaming the internal domain is complicated, potentially requires a full reinstallation of the entire domain.
Do not reinstall a domain only for a cosmetic namespace change Use the recommended workarounds.
If you find issues identified in the table above that you want to understand with more background explanation, refer to the Domain Audit Guide available from the SBSmigration.com website.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 38
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Task 1 Namespace Audit Phase 0 Part 1
Blocked Namespace Checklist Windows 2000/2003 Domains
The namespace information below can be critical to your ability to even complete a project, therefore this first task is very important. You need to pay special attention to Domain name and Server name references.
Namespace Planning and Review Allowed Namespace in this next series of tasks applies to any names for: o DNS Domain (Active Directory) o Netbios domain o Domain Controller Servers o Exchange Servers Warning: The underscore _ is no longer supported for use in Windows 2003 based domains. SBS 2003 setup blocks it, as do Exchange Server 2003 setup.
Note: You will be provided a separate list of characters for the Exchange Organization allowed character set.
Task 1.1 Critical Namespace Character Restrictions
Compliant Character Set o Uppercase letters A through Z o Lowercase letters a through z o Numbers 0 through 9 o Hyphen Note: Any additional characters previous allowed in namespace for Windows 2000 or Exchange 2000, but not in the list above, should be considered incompatible for continued future use, therefore a namespace to abandon. Verify each of the following, you can use the table below to record the names if you want.
Validation Server and Domain Namespace
; DNS Domain Name AcmeDomain.local
; NetBios Domain AcmeDomain
; Server Name (DC) Server01
; Server Name (Exchange)Server01
Continued with following page
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 39
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Task 1.2
KB 226144
Netbios domain name o NetBIOS domain name has a 15-character limitation. o Do not use dotted netbios names. Instead, use a hyphen when a dot is needed. Note: NT4 Netbois Domain names can be renamed fairly easily before entering an upgrade to an Active Directory domain. Renaming a Domain after creating Active Directory is a signification project and should be avoided.
Task 1.3
DNS Domain Name o DNS does not allow all numeric character domain name, or first label. (For example:
123456.local is not allowed)
Task 1.4
KB 245809 KB 295710 KB 222823 KB 241980
Domain Controller Name Active Directory domain names on DCs are restricted in total character length. Dcpromo.exe maintains a limit of 52 characters for the fully qualified DNS domain name. (UTF-8 byte characters)
Task 1.5 Exchange 200x Organization Name
o Uppercase letters A through Z o Lowercase letters a through z o Numbers 0 through 9 o Dash or hyphen o Space Note: LegacyDN can be used for a workaround on retaining the Information Store with an Organization Name that isnt compliant. The name of the new Exchange Server used to mount that legacy store must be compliant to current requirements, even if LegacyDN is used to workaround a non-compliant condition in the Information Store namespace.
-
Page 40
Copyrigh Swing It!! T
How t
ht 2004-2009 bTechnician Kit
He
Ex ImAd Do rathstan For WinFromprobstar The25%proj Withchafactsho
o Perform a
by SBSmigratio Documentatio
ealth CheExisting D
xpert Tip
portant Hdjustment
not think theher these arendards.
instance, supndows 2003 Sm there, you bably find yourted because
e problem that% of the serveject because
hout meeting nce of hitting t, you might nuld take the t
Swing Migra
on.com on
ecklist: PDCs Reco
ealth AudRecomm
ese are Swine standard he
ppose if you wServer as the try out a Swinu dont need athey are alrea
t we face in der project I gethey didnt ins
these minimua problem inot even see atime to review
ation from 20
Part 2 Eommende
dit and Coendations
ng Migration ealthy doma
wanted to do first new Domng Migration fany of these tady establish
doing a Swingt support reqspect the hea
um requireme Phase 2, 3 oa preventablew the health o
003 to SBS 2
Existing ed Configu
onfiguratios
prerequisitein configura
a lab test youmain Controllefrom that macthings to be ined.
g Migration is uests on ran alth of the orig
ents, you stanor 4 that coulde problem untf your existing
008
Domain uration
on
es, tion
u built a new er in a new dochine, and yonspected to g
that approximinto a problemginal server!
nd a pretty god be preventeil Phase 5. Yog server.
omain. u would
get
mately m in the
ood ed. In ou
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 41
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Task 1 NICs set to Internal DNS Only Phase 0 - Locally at Each DC
All Network Adapters DNS entries must point only to internal domain DNS Servers
An Active Directory server that is hosting DNS must have its TCP/IP settings configured properly. TCP/IP on an Active Directory DNS server must be configured to point to itself to allow the server to register with its own DNS server. On a DNS Server, remove any DNS entries on all TCP/IP network interfaces which refer to Internet based DNS Servers. Configure each interface, both internal and external, to point only to the DNS Servers own primary LAN IP, or another internal domain DNS Server as your option. The DNS Server Forwarders feature is the only location where Internet DNS Servers should be configured.
Expert Tip
As an example, if your SBS 200x Server uses the internal IP of 192.168.16.2 for the LAN IP and is the only DC and DNS Server in your domain, the correct and normal configuration is to list only this IP on all NIC entries to indicate DNS Servers. Do not use NIC entries like these (each of these are wrong):
o Loopback 127.0.0.1 o ISP DNS Servers o The NIC IP on your server facing externally o DNS Servers in remote sites over slow connections
KB 260371 To view the current IP configuration, open a command window and type ipconfig /all to display the details. You can modify the DNS configuration by following these steps: 1. Right-click My Network Places, and then click Properties. 2. Right-click Local Area Connection, and then click Properties. 3. Click Internet Protocol (TCP/IP), and then click Properties. 4. Click Advanced, and then click the DNS tab. Configure the DNS information as
follows: a. Configure the DNS server addresses to point to the DNS server (itself).
Typically this should be the computer's own internal LAN IP address. b. If the resolution of unqualified names setting is set to Append these DNS
suffixes (in order), the Active Directory DNS domain name should be listed first (at the top of the list).
c. Verify that the DNS Suffix for this connection setting is either empty (nothing set), or the same as the Active Directory domain name if present.
d. Verify that the Register this connection's addresses in DNS check box is selected (enabled).
5. At a command prompt, type ipconfig /flushdns to purge the DNS resolver cache, and then type ipconfig /registerdns to register the DNS resource records.
The table below provides an overview of related information in summary form:
Technical Hint: Key network settings on multi-homed DC/ DNS/ Exchange Servers like an SBS would typically be configured in this way:
Network Interface Connections > Primary NIC Internet Other Subnet
IP Assignment Static LAN IP Web IP As needed
Default Gateway (set on 1 NIC only) Gateway
DNS Server (point to self) LAN IP LAN IP LAN IP
Register Connection in DNS enabled disabled enabled
WINS/Netbios/Microsoft Networking enabled disabled disabled
DNS Request Listen On Interface enabled disabled enabled
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 42
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Task 2 NIC Binding Order Phase 0 - Locally at Each DC
Network Interface Bindings Interface Order
Primary LAN IP connected NIC must be at the top of the connections bindings order list.
Next Task Continues from here
To set the network bindings options:
1. Open the Network Connection properties from Control Panel or right-click on My Network Places icon in Windows Explorer.
2. Navigate from the top menu bar option:
Advanced Advanced Settings Adapter and Bindings
3. Sort all NICs in order at the top of the list in the Connections items, specifically placing the NIC with the primary LAN IP at the first position at the top.
4. Click Apply, but do not close the panel. Note: Do not exit the Bindings Panel, your next task resumes with the additional steps performed in the WINS/Netbios Service bindings options.
Task 3 Network Service Bindings Phase 0 - Locally at Each DC
Network Services Bindings WINS/Netbios Services bound only on the primary LAN Network Adapter
The following services should not be bound to the Internet connected NIC, or to more than one network adapter on a DC or DNS Server:
o Client to Microsoft Networking o Microsoft File and Print Service
Bindings for these services to more than one interface on a Domain Controller can cause internal network services to act in abnormal, even a bizarre manner. Binding these services to Internet facing interfaces can become a security threat exposure.
Task steps continued
from above
Beginning with or continuing from the steps indicated in the previous task item just above for correcting the Network Binding Order, next do the following additional steps:
1. Select the primary LAN IP NIC in the Connections list. 2. In the lower are indicated as Bindings for [connection name] review each protocol and
service bound to your internal LAN requires indicated as enabled with a checkbox entry. At a minimum this will normally include: Internet Protocol (TCP/IP) bound to both: o Client for Microsoft Networks o File and Printer Sharing for Microsoft Networks
3. As you review each additional Connection item (network interface) other than your primary LAN connection, you must now disable the bindings for those two same two services. Only the primary LAN IP NIC should be bound to the Microsoft Networks related protocols.
4. Close the Advanced Settings panel when you finish the adjustments for this task.
Note: These changes do not disable TCP/IP on your other interfaces, only the layer of Microsoft Networks protocols. Your Internet traffic will continue to flow normally. If you use a VPN, the Microsoft Networks can still be supported inside the tunnel as well.
Important Concern
Reboot Required for Completion: Modifications in Task 2 or 3 may require a reboot to take full affect with startup services. You may continue forward immediately and reboot at the final task.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 43
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Task 4 Services Phase 0 - Locally at Each DC
Services required to be installed and running
Its quite possible for a solo DC in a standalone domain to operate normally in supporting client request, yet not have the minimum required services in order to embrace replication operations, or for adding and maintaining additional DCs in the domain. Dont assume that if your existing DC is operating normally, that a DCpromo of an additional DC will complete successfully.
KB 829623 KB 324418
From the Manage Computer console (right-click on My Computer, choose Manage), review the services listed. To review the installed Services list: 1. Right-click on My Computer, choose Manage. 2. Expand Services and Applications. 3. Expand Services. 4. For any service in the list below which is to be set for Automatic, if it is not currently
started, enable and start it.
Distributed File System DNS Client DNS Server File Replication Service Kerberos Key Distribution Center Net Logon Remote Procedure Call (RPC) Security Accounts Manager Server TCP/IP Netbios Helper Service Workstation Windows Time
Automatic
Distributed Link Tracking Client Remote Procedure Call (RPC)
Locator Manual
Distributed Link Tracking Server Intersite Messaging
Disabled (for SBS, single site domains)
Windows Firewall / Internet Connection Sharing Important Concern (see below)
Important Concern
Note: Windows Firewall / Internet Connection Sharing is an unusual case here. However, if the Firewall is active on a LAN connected NIC, it may also prevent normal replication with other Domain Controllers. You can disable the service, or filter it on the LAN connected NIC to allow replication. You may also see later that this service reactivates again due to Group Policy enforcement refresh. You should not disable the firewall if the machine is otherwise unprotected and still connected directly to the Internet.
Expert Tip
If a service listed above is not installed, consult the Windows Components options in Add/Remove Programs to add it.
Other than the firewall service, for any service in the list above which is suggested to be set for Disabled, theres no harm to have that service running. For the DCpromo steps of adding a Domain Controller, our greatest concern is that the minimum number of services required are running, not that we halt others.
-
How to Perform a Swing Migration from 2003 to SBS 2008
Page 44
Copyright 2004-2009 by SBSmigration.com Swing It!! Technician Kit Documentation
Task 5 DNS Forwarders Phase 0 - Locally to Each DNS Server
Use Forwarders to resolve Internet based
DNS addresses
In earlier tasks for this Phase 0 you are instruction Do not include Internet DNS Servers on the network adapter based DNS references list. You may be confused how Internet DNS can be resolved in that approach, so this is the answer. After you configure the network adapters for Primary and Alternate DNS Server settings to point to itself, you now should either set Internet based DNS Servers using the Forwarders option or allow Root Hints to resolve Internet Addresses. Root Hints are the top-level Internet DNS servers list. This is further explained in the previous task discussion.
KB 260371 1. Start the DNS Management console.2. Right-click the object named for this server, and then click Properties. 3. Click the Forwarders tab.
Note: Windows 2000 Servers may provide a tickbox selection you must enable to allow the configuration or addition of Forwarders entries.
4. You will see a set of controls that allow you to Add, Remove or change the order of